CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3052

LOW
3.3
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile10.73th
PublishedJun 21, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.

Affected Platforms (CPE)

πŸ’»
Ibm

Security Access Manager For Web 8.0 Firmware

= 8.0.0.2
πŸ’»
Ibm

Security Access Manager For Web 8.0 Firmware

= 8.0.0.3
πŸ”Œ
Ibm

Security Access Manager For Web Appliance

= 8.0

References & Advisories

πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21676705
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/93454
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg1IV61553
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21676705
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/93454

Related Vulnerabilities

CVE-2014-30538.0

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 an...

CVE-2014-052310.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-052810.0

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attac...